Easydiscuss Smart Search Plugin permissions

By Gavin G on Tuesday, 25 March 2014

Replies 5

Likes 0

Votes 0

Hey guys,
I'm using the ED Smart Search plugin and after indexing all users are able to see summaries of posts they do not have access to view in the search results. Is there any way for this to be fixed or just provide me with a small hack to have the plugin ignore some ED categories?

I see in the plugin code there is some lines commented out that look like they have something to do with permissions but I don't really want to mess around trying myself because purging and reindexing my site takes a long time.

		// Map easydiscuss post privacy into joomla access

		// if( empty( $item->private ) )

		// {

		// 	$item->access	= '1';

		// }

		// else

		// {

		// 	$item->access	= '2';

		// }

Any help would be really appreciated because I want to start using the Easysocial search that you just introduced in 1.2.3, but I don't want my users to see posts in the restricted ED categories.

Thanks

Hello Gavin,

Can you provide us your backend and FTP access so we can have a better look on your issue here? Please advise.

Nik Faris

Tuesday, 25 March 2014 11:28

0 Likes

0 Votes

0 Comments

#132892

Hmm not really no because my live site isn't using the smart search because I haven't updated Easysocial to 1.2.3 yet. I have it on a test site still.
It seems the code in the plugin is ignoring access rights though.

	protected function getListQuery($sql = null)

	{

		$db = JFactory::getDbo();

		// Check if we can use the supplied SQL query.

		$sql = is_a($sql, 'JDatabaseQuery') ? $sql : $db->getQuery(true);

		$sql->select( 'a.*, b.title AS category, u.name AS author, eu.nickname AS created_by_alias');



		$sql->select('1 AS access');

		$sql->select('a.published AS state,a.id AS ordering');

		$sql->select('b.published AS cat_state, 1 AS cat_access');

		$sql->from('#__discuss_posts AS a');

		$sql->join('LEFT', '#__discuss_category AS b ON b.id = a.category_id');

		$sql->join('LEFT', '#__users AS u ON u.id = a.user_id');

		$sql->join('LEFT', '#__discuss_users AS eu ON eu.id = a.user_id');



		return $sql;

	}

This line:
$sql->select('1 AS access');

It's putting 1 in as the access level regardless of the indexed discussions access level. The plugin should be pulling the access level from the Easydiscuss category and putting it here instead of the 1, which is Public Users. If one of my Easydiscuss categories is for Super Users only it should be putting an 8 here.

If I manually change that 1 to an 8 and create a new post, that post when indexed is getting an 8 in the access column of the jos_finder_links table and therefore only shows that item in a search to Super Administrators (access level 8).

Any pointers/quick fixes on this would be really appreciated because I want to update my live site to ES 1.2.3. If you absolutely must have access to my site, I will need to update my live server and disable the search until you can take a look, but I would prefer if you could just post a fix here.

Thanks Nik

Gavin G

Tuesday, 25 March 2014 13:40

0 Likes

0 Votes

0 Comments

#132918

Hi Gavin,

I am sorry for the delay of this reply.

It seems like currently the EasyDiscuss finder plugin did not respect the permission from category. I will take a look again into this issue again and will get back to you once we have the issue fixed.
I am sorry for any inconvenient that may have caused to you.

Sam

Tuesday, 25 March 2014 19:47

0 Likes

0 Votes

0 Comments

#133074

Thanks very much Sam. I'll look forward to it.

Gavin G

Wednesday, 26 March 2014 01:29

0 Likes

0 Votes

0 Comments

#133197

Thanks for understanding Gavin, we'll keep you updated

Mark

Thursday, 27 March 2014 00:57

0 Likes

0 Votes

0 Comments

#133485